2 matches found
CVE-2019-18840
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location...
CVE-2019-18840
WolfSSL (wolfSSL 4.1.0–4.2.0c) is affected by a buffer overflow in the GetName path of the ASN.1 certificate parser (DecodedCert in wolfcrypt/src/asn.c). The root cause is missing sanity checks during memory access, where the domain name location index is mishandled, allowing a one-byte heap-base...